On 25/02/15 17:59, Shaun Martin wrote:
Hi,

I am having an issue with forward first not appearing to work. I have two separate IPA servers that serve separate realms. For the reverse zone, I have configured forwarders to point to the other realm's IPA server. All versions are identical on the IPA servers. I have included details on versions and tests that show this is not working.

$ yum list installed |grep bind-dyndb-ldap
bind-dyndb-ldap.x86_64                 3.5-4.el7             @base

$ yum list installed |grep ipa
ipa-admintools.x86_64  3.3.3-28.0.1.el7.centos.3       @updates
ipa-client.x86_64  3.3.3-28.0.1.el7.centos.3       @updates
ipa-python.x86_64  3.3.3-28.0.1.el7.centos.3       @updates
ipa-server.x86_64  3.3.3-28.0.1.el7.centos.3       @updates
libipa_hbac.x86_64 1.11.2-68.el7_0.6 @updates
libipa_hbac-python.x86_64 1.11.2-68.el7_0.6 @updates
python-iniparse.noarch                 0.4-9.el7             @anaconda
sssd-ipa.x86_64

*BELOW IS WITH FORWARDING DISABLED*. It cannot find 10.1.0.9 but can find 10.1.20.9. This is expected as this server only has the 10.1.20.9 record.
$ nslookup
> server 10.1.20.9
Default server: 10.1.20.9
Address: 10.1.20.9#53
> 10.1.20.9
Server:  10.1.20.9
Address: 10.1.20.9#53

9.20.1.10.in-addr.arpa  name = prd-ops-ipa01.uzb.local.
> 10.1.0.9
Server:  10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.0.1.10.in-addr.arpa.: NXDOMAIN

*BELOW IS WITH FORWARDING ENABLED*. It cannot find 10.1.20.9 but can find 10.1.0.9. This is expected as the forwarding server only has the 10.1.0.9 record.
> 10.1.20.9
Server:  10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server:  10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa  name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa  nameserver = ops-ipa01.bbf.local.


*BELOW IS WITH FORWARD FIRST ENABLED*. It cannot find 10.1.20.9 but can find 10.1.0.9. This is unexpected, as the local zone has the 10.1.20.9 record and the forward server has the 10.1.0.9 record, so we should be getting both.
> 10.1.20.9
Server:  10.1.20.9
Address: 10.1.20.9#53

** server can't find 9.20.1.10.in-addr.arpa.: NXDOMAIN
> 10.1.0.9
Server:  10.1.20.9
Address: 10.1.20.9#53

Non-authoritative answer:
9.0.1.10.in-addr.arpa  name = ops-ipa01.bbf.local.

Authoritative answers can be found from:
1.10.in-addr.arpa  nameserver = ops-ipa01.bbf.local.
ops-ipa01.bbf.local  internet address = 10.1.0.9


Any help is greatly appreciated.

Thanks,
Shaun


Shaun Martin
IT\OPS Manager
Black Duck Software
O: +1.781.425.4336

Hello,

We need more info:
Do you use global forwarders, or zone forwarders?
How are your reverse zones configured (name, delegation)?

The default forwarding policy is first; IMO both of your examples with forwarding enabled are using the forward first policy.

Martin

--
Martin Basti